What's in the log files?

Direct request from a browser (Chrome)

Interesting.. it seems the browser is requesting the unencrypted image, then realizes the redirects and then loads the HTTPS image. Later with tcpdump we'll check if the image really is transferred two times.

Embedded request

To test this I made a simple HTML file and uploaded it to one of my webservers.